  1. #1
    RobD

    VLANS so many vlans

    So where I work we seem to have a lot of vlans (around 50) in a single domain, the reason being to reduce broadcast traffic (so I'm told anyhow). All the switches are HP ProCurves and we use IP Helper to span vlans to get DHCP addresses.

    Now I'd love to get rid of as many of these as possible but before I do I thought I'd see if anyone could see any potential issues and also if anyone could offer any advice on how they'd go about this?

    Thanks

  2. #2

    synaesthesia

    50 seems a lot but obviously we don't know the situation fully.
    There's a few common approaches to vlans - some separate networks by location, by cabinet, by room sometimes. Some, including myself, prefer to separate certain services; for instance servers, printers, wireless, guest wireless, clients, isolated network for testing maybe, CCTV, VOIP systems if you have that, and have those few vlans spanning your entire site. Printers are often the worst culprits for broadcast traffic I find - ours before we vlanned everything up were beyond diabolical!

  3. #3

    Fifty does seem like rather a lot. As @synaesthesia says the general school of thought is either to group by location or by similar requirements.

    Documentation is the key thing. Make sure you know why the VLANs are there and what they are doing before you unpick it.

    A good segregated network is great... a bad one is a nightmare!

  4. #4

    VLANs do cut down broadcast traffic, but that's not their only function.

    Given that VLANs are also subnets you're going to have to re-IP anything you change, at least the mask and default gateway.

    Why do you want to get rid of them?

    Originally posted by pantscat:
    "Make sure you know why the VLANs are there and what they are doing before you unpick it."
    This. A thousand times this.
    Last edited by jtotheb; 18th September 2013 at 01:21 PM.

  5. #5
    Duke5A

    I'm relatively happy with our layout. The district is comprised of seven buildings and most of the VLANs go building first, then service, but a couple span the entire district.

    Each building has its own:
    - management VLAN for switches
    - wireless management VLAN for access points
    - wireless VLAN for instructors
    - wireless VLAN for students
    - instructional VLAN for student and staff wired systems
    - server VLAN
    - security VLAN for IP cameras

    District spanning VLANs are:
    - one for HVAC controllers
    - one for the phone switches

    The phone switches and HVAC controllers didn't number enough to warrant separate VLANs for each building. Having them in their own VLANs enabled us to limit remote access to just those subnets as well for when contractors need to get in. Most of the subnets have 23bit masks and the links between the buildings are all trunk links over private fiber. I purposely left all the classroom ports on one VLAN too. Room layouts change too often and I would be pulling my hair out trying to keep up with port assignments for staff/printer/student devices.

    First and foremost though as already stated, you need to completely document what you have, understand it, and have a plan before you start changing things. Going into something like this blind would cause much hilarity to ensue.

  6. #6
    RobD

    Thanks for the replies guys, I think my first task will be to document what everything does and how it does it, then think about what to do next... I'll let you know how I get on!

  7. #7

    m25man

    Just to chip in that the VLANs alone, whilst containing broadcast traffic within a given subnet, do not solve all networking issues.
    You could have 50 VLANs on a single network and if one subnet/VLAN kicks off across all switches without the corresponding traffic controls your network can still be ground to a halt.

    Admittedly having 50 VLANs on a single domain means something is doing a lot of inter VLAN routing and if this isn't up to scratch you can end up with a lot of latency between subnets.

    I have 8 Vlans at one site I thought that was enough, but I'm about to pull the CCTV off of it completely now and isolate it over its own fibre uplinks and some dedicated switchgear as the traffic from clients on the data network are routing through the core switch to view CCTV on the DVR LAN and this sits at up to 10mbps all day long on the shared uplinks.

    VLANs are a great way to get the most out of your structured cabling but it doesn't mean you have to push everything across the same wire.

    Removing a VLAN means you have to move all related traffic and IP management onto another so a lot of basic stuff like is the DHCP scope large enough to service the influx of new clients?
    Are the new co-habitants of the consolidated VLANs happy to work together?
    You need to do a lot of Visualisation as many of the potential impacts of merging previously separated traffic together may not be apparent until you do it, by which time it's too late and you have the world and his dog on your back!

    Sounds like 50 is far too many but are the implications of collapsing them down more hassle than the gains to be had from simplified management?

  8. #8
    RobD

    Thanks m25man that was really interesting and hit home for me as there are definitely latency issues on the network.

    Most of the vlans seem to segregate departments which only contain normal workstations so once I've documented the structure I'll look at slowly breaking down the vlans.

    As for the actual break down of the vlans, could I potentially just remove the vlan on the ports and add the workstations to the default untagged vlan?

  9. #9

    m25man

    Yes, that's how it goes, or switch them to an alternative VLAN. Just be careful of DHCP exhaustion, and if you're running VoIP and IP phones be careful you don't break anything you can't fix.
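
The DHCP-exhaustion and re-IP concerns raised in posts #4, #7 and #9, as an added example that is not part of any poster's message: a Python planning check that totals the leases of the VLANs being collapsed, tests them against the target scope and lists which VLANs fall outside the target subnet. The VLAN IDs, subnets, lease counts, reserved-address count and the 25% headroom figure are constructed assumptions.

```python
import ipaddress
import math

# Constructed inventory: department VLANs to collapse into one target VLAN.
SOURCE_VLANS = [
    {"vlan": 110, "subnet": "10.10.110.0/24", "active_leases": 140},
    {"vlan": 120, "subnet": "10.10.120.0/24", "active_leases": 95},
    {"vlan": 130, "subnet": "10.10.130.0/24", "active_leases": 60},
]
# reserved = gateway, DHCP/helper targets and other static devices (assumed).
TARGET = {"vlan": 1, "subnet": "10.10.0.0/24", "active_leases": 80, "reserved": 20}


def usable_hosts(subnet):
    """Host addresses in an IPv4 subnet (network and broadcast excluded)."""
    return ipaddress.ip_network(subnet).num_addresses - 2


def smallest_prefix(clients, reserved, headroom):
    """Longest prefix that holds clients plus headroom, statics and net/bcast."""
    needed = math.ceil(clients * (1 + headroom)) + reserved + 2
    return 32 - math.ceil(math.log2(needed))


def plan_merge(sources, target, headroom=0.25):
    """Summarise what happens to the target scope if it absorbs the sources."""
    target_net = ipaddress.ip_network(target["subnet"])
    demand = target["active_leases"] + sum(s["active_leases"] for s in sources)
    pool = usable_hosts(target["subnet"]) - target["reserved"]
    return {
        "demand": demand,                        # leases after the merge
        "pool": pool,                            # dynamic addresses available
        "fits": demand * (1 + headroom) <= pool,
        "suggested_prefix": smallest_prefix(demand, target["reserved"], headroom),
        # Hosts in these VLANs need a new address, mask and gateway.
        "must_re_ip": [s["vlan"] for s in sources
                       if not ipaddress.ip_network(s["subnet"]).subnet_of(target_net)],
    }


if __name__ == "__main__":
    for key, value in plan_merge(SOURCE_VLANS, TARGET).items():
        print(f"{key}: {value}")
```

With the constructed numbers the existing /24 scope cannot absorb the three department VLANs; a /23 would be the smallest subnet that does, and every merged host would need re-addressing.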

  10. #10
    ADMaster

    I probably have close to 50 vlans but I like it. The folks that designed it did it similar to that of @Duke5A's setup.
    - Each data closet gets its own data vlan
    - Each building's wireless, hvac, and ip cameras get their own vlans
    - Switch management in a vlan
    - Servers in a vlan
    - Voip vlan
    - Several wireless vlans based on guest, student, staff etc.

    The idea behind this design in addition to separation of services is troubleshooting. I can look at an IP and find out what building and what data closet.
    In hindsight there are a few changes I would make, but it's not worth the hassle now.
    - The HVAC has a /24 vlan in each building and only 2 or 3 devices in it; that could have been spanned across the district.
    - Wireless management could have been spanned across the district (maybe?)
    - Some of the larger data closets have two /24's with no consistency of which port is on what vlan. I have two computer labs that some pc's are on one vlan and some on another. At some point I need to convert those to a /23.

    Another benefit of multiple data vlans is when the time comes I'll be able to set up filtering per building based on their IP.

    As others have said someone set them up for a reason so find out what they are all for before you change anything.

  11. #11

    m25man

    @ADMaster raises a very valid point regarding multiple data LANs as grouping by IP is a very easy way to manage access especially as you get closer to the gateway.
    I can see how this could appeal to sites where granular control at the IP layer is needed and indeed in a lot of commercial applications I can see how it could work well.

    A good example are shared premises such as Business and Enterprise lettings like Regus Office suites where many tenants get access to shared Internet and Comms Rooms.

    It's not unusual to get 30 or 40 businesses wanting their own networks but needing shared Internet Access.
    Managing a building like that will consume Data VLANs quickly but Inter VLAN routing is almost non-existent, maybe just the Phone system, CCTV, and Building Management System, thus multiple VLAN routing latency wouldn't occur.

    Latency has always been the biggest problem I have ever seen on multiple data VLANs. It's not that it doesn't work, just that sometimes through no fault of the NM a packet has to travel across far too many hops to get to its destination and back again via sometimes grossly underpowered switches with ARP Tables overflowing with entries, and this can have devastating effects on application performance. You know the type of stuff, shared databases that use file locking instead of SQL and Accounts packages dragging data across several VLANs every time a field is updated.

    Having 50 VLANs on your backbone will not be an issue if it has sufficient trunks or LAGs (depending what vendor's terminology you use) but if you're tagging a single uplink with 50 VLANs it's maybe not the most optimal method, but I have seen many exactly like this.
